Huawei Products NULL Pointer Dereference Vulnerability in Message Handling
CVE-2020-9085 Published on December 27, 2024
There is a NULL pointer dereference vulnerability in some Huawei products. An attacker may send specially crafted POST messages to the affected products. Due to insufficient validation of some parameter in the message, successful exploit may cause some process abnormal. (Vulnerability ID: HWPSIRT-2017-10105) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9085.
Vulnerability Analysis
CVE-2020-9085 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to have no impact on confidentiality and integrity, and a small impact on availability.
Weakness Type
NULL Pointer Dereference
A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit. NULL pointer dereference issues can occur through a number of flaws, including race conditions, and simple programming omissions.
Products Associated with CVE-2020-9085
Want to know whenever a new CVE is published for Huawei B612 Firmware? stack.watch will email you.
Affected Versions
HUAWEI 4G Router B612:- Version B612s-25dTCPU-V100R001B192D03SP00C234 is affected.
- Version B612s-25dTCPU-V100R001B192D03SP00C287 is affected.
- Version B612s-25dTCPU-V100R001B192D05SP00C00 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.